DOT IG Auditing FAA Cybersecurity Actions

The Department of Transportation Inspector General has launched an audit of the FAA’s role and responsibilities as a member of the Aviation Cybersecurity Initiative (ACI) interagency task force. In addition to the FAA, the Departments of Homeland Security and Defense participate in the task force. The three agencies work together to identify and mitigate cybersecurity vulnerabilities affecting the aviation industry and the public.

“Cyber-based threats from both internal and external sources are rapidly evolving,” the IG said in a letter announcing the audit. “At the same time, the FAA’s ATC system is becoming more interconnected as the agency introduces a range of new communication, navigation, and surveillance capabilities. Our audit objective is to examine the FAA’s roles, responsibilities, and actions as an ACI member, especially those that pertain to its authority over civil aviation and air traffic management.”

The audit comes at the request of the chairman of the U.S. House Transportation and Infrastructure Committee. Congress had directed the FAA in the FAA Extension, Safety, and Security Act of 2016 to develop a “comprehensive and strategic framework of principles and policies to reduce cybersecurity risks to the ATC system.”

Specifically, the act requires the FAA to use “a total systems approach that takes into consideration the interactions and interdependence of different components of aircraft systems and the national airspace system.”